Hacker group LAPSUS$ posted screenshots Monday night claiming it had achieved administrator access to Okta, a user authentication and data management company. If that’s true, it’s potentially bad for a number of large firms that use Okta’s services, as the hackers could worm their way into other companies’ networks using passwords stored in Okta.
“Just some photos from our access to Okta.com Superuser/Admin and various other systems,” the hacking group wrote on its Telegram channel. “For a service that powers authentication systems to many of the largest corporations (and FEDRAMP approved) I think these security measures are pretty poor.”
The hacker group went on to post in all caps explaining that they didn’t access or steal any databases from Okta itself. “Our focus was ONLY on Okta customers,” the hacker group explained.
The screenshots include a timestamp from January of this year, suggesting the hackers have had access to Okta’s systems for months, if the screenshots themselves are authentic. It’s unclear whether the hackers still have that access. For its part, Okta claims the hackers only made limited incursions into its networks, and only then through a subcontractor.
“In late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors,” a spokesperson for the company, Chris Hollis, said in an email to Gizmodo early Tuesday.
“The matter was investigated and contained by the subprocessor. We believe the screenshots shared online are connected to this January event. Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”
The hack, first reported by Reuters, comes after LAPSUS$ claimed on Monday it had gotten 37 GB worth of source code for Microsoft’s Bing search engine and the Cortana virtual assistant.
LAPSUS$ previously hacked tech companies like Nvidia, Ubisoft, and Samsung, typically working under a data extortion model, as Bleeping Computer notes. The hacking group acquires large amounts of sensitive data and demands ransom in order to get a big payout from the company that was hacked. If the sum isn’t paid, LAPSUS$ leaks the data.
In a more typical ransomware situation, the data is encrypted and people on the inside can’t get access to their own information anymore, but as Wired points out, LAPSUS$ doesn’t bother with locking up any data. The group just steals it outright, which is very unusual.
LAPSUS$ hasn’t made any demands known to be related to the Okta hack. At least not yet.